AMENDMENTS TO THE CLAIMS

Please amend the claims as follows: 
1.-24. (Canceled) 

25. (New) A method for creating a nested role in a tree structured directory server comprising a 
plurality of entries comprising: 

accessing a first role associated with one or more of said plurality of entries wherein said 
first role comprises a first identifiable attribute and a first distinguished name; 

accessing a second role associated with one or more of said plurality of entries wherein 
said second role comprises a second identifiable attribute and a second 
distinguished name; and 

creating said nested role by encapsulating said first distinguished name and said second 
distinguished name wherein said nested role comprises said first identifiable 
attribute and said second identifiable attribute and can be associated with one or 
more of said plurality of entries. 

26. (New) The method as recited in claim 25 further comprising: 

encapsulating said first identifiable attribute and said second identifiable attribute into a 
third distinguished name. 

27. (New) The method as recited in claim 26 wherein said third distinguished name is 
nsRoleDN. 

28. (New) The method as recited in claim 25 wherein said first role is a dynamic role and 
wherein said first identifiable attribute is computed at the time of accessing said first role. 

29. (New) The method as recited in claim 25 wherein said first role is an enumerated role. 

30. (New) The method as recited in claim 25 wherein said first role is a filtered role. 

31. (New) The method as recited in claim 25 wherein said first role is a nested role. 

32. (New) A system for creating a nested role in a tree structured directory server comprising a 
plurality of entries comprising: 

a directory server comprising a hierarchical data store associating a plurality of entries
with service attributes, said hierarchical data store comprising an organization 
level and a role level and further comprising attribute templates defined with 
respect to services and levels; 

an application for accessing a first role level associated with one or more of said plurality 
of entries wherein said first role level comprises a first service attribute and a first 
distinguished name; 

an application for accessing a second role level associated with one or more of said 
plurality of entries wherein said second role level comprises a second attribute 
and a second distinguished name; and 

an application for creating said nested role level by encapsulating said first distinguished 
name and said second distinguished name wherein said nested role level 
comprises said first service attribute and said second service attribute and can be 
associated with one or more of said plurality of entries. 

33. (New) The system as recited in claim 32 wherein said first service attribute and said second 
service attribute are encapsulated into a third distinguished name. 

34. (New) The system as recited in claim 33 wherein said third distinguished name is 
nsRoleDN. 

35. (New) The system as recited in claim 32 wherein said first role level is a dynamic role level 
and wherein said first service attribute is computed at the time of accessing said first role 
level. 

36. (New) The system as recited in claim 32 wherein said first role level is an enumerated role 
level. 

37. (New) The system as recited in claim 32 wherein said first role level is a filtered role level. 

38. (New) The system as recited in claim 32 wherein said first role level is a nested role level. 

39. (New) A method for validating whether an entry of a tree structured hierarchical directory 
server comprising a plurality of entries meets criteria for a nested role comprising: 

accessing said nested role comprising a first distinguished name and a second 
distinguished name and further comprising a first identifiable attribute and a 
second identifiable attribute wherein each of said identifiable attributes can be
associated with one or more of said plurality of entries; and 

in response to a query for an entry, computing a computed attribute associated with one 
or more of said plurality of entries and verifying if said computed attribute 
matches said first identifiable attribute or said second identifiable attribute. 

40. (New) The method as recited in claim 39 further comprising: 

encapsulating said first identifiable attribute and said second identifiable attribute into a 
third distinguished name. 

41. (New) The method as recited in claim 40 wherein said third distinguished name is 
nsRoleDN. 